package com.wfx.security;

import com.wfx.filter.MyBasicAuthenticationFilter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * <p>title: com.qfedu.security</p>
 * author zhuximing
 * description:
 */
@EnableWebSecurity
//开启@PreAuthorize()注解
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class MySecurityConfig  extends WebSecurityConfigurerAdapter {
 //系统资源的访问规则
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //所有资源必须登录
        http.authorizeRequests().anyRequest().authenticated();
        //让MyBasicAuthenticationFilter生效
        http.addFilter(new MyBasicAuthenticationFilter(authenticationManager()));
        http.cors();
        http.csrf().disable();//禁用csrf过滤器
    }
}